|
@@ -145,11 +145,31 @@ public class TestKMS {
|
|
|
}
|
|
|
|
|
|
protected Configuration createBaseKMSConf(File keyStoreDir) throws Exception {
|
|
|
- Configuration conf = new Configuration(false);
|
|
|
- conf.set(KMSConfiguration.KEY_PROVIDER_URI,
|
|
|
+ return createBaseKMSConf(keyStoreDir, null);
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
+ * The Configuration object is shared by both KMS client and server in unit
|
|
|
+ * tests because UGI gets/sets it to a static variable.
|
|
|
+ * As a workaround, make sure the client configurations are copied to server
|
|
|
+ * so that client can read them.
|
|
|
+ * @param keyStoreDir where keystore is located.
|
|
|
+ * @param conf KMS client configuration
|
|
|
+ * @return KMS server configuration based on client.
|
|
|
+ * @throws Exception
|
|
|
+ */
|
|
|
+ protected Configuration createBaseKMSConf(File keyStoreDir,
|
|
|
+ Configuration conf) throws Exception {
|
|
|
+ Configuration newConf;
|
|
|
+ if (conf == null) {
|
|
|
+ newConf = new Configuration(false);
|
|
|
+ } else {
|
|
|
+ newConf = new Configuration(conf);
|
|
|
+ }
|
|
|
+ newConf.set(KMSConfiguration.KEY_PROVIDER_URI,
|
|
|
"jceks://file@" + new Path(keyStoreDir.getAbsolutePath(), "kms.keystore").toUri());
|
|
|
- conf.set("hadoop.kms.authentication.type", "simple");
|
|
|
- return conf;
|
|
|
+ newConf.set("hadoop.kms.authentication.type", "simple");
|
|
|
+ return newConf;
|
|
|
}
|
|
|
|
|
|
public static void writeConf(File confDir, Configuration conf)
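Review bot: The new two-argument `createBaseKMSConf` sets `KMSConfiguration.KEY_PROVIDER_URI` and `hadoop.kms.authentication.type` after copying `conf`, so a caller whose configuration already selects kerberos for the KMS gets it reset to `simple`, and the Javadoc gives no hint of this. The Javadoc should state that, and also that `conf` may be null (an empty configuration is then used) and is copied rather than modified, for example `@param conf KMS client configuration to copy, or null for an empty one; the key provider URI and hadoop.kms.authentication.type are always overwritten`. The sentence "so that client can read them" is hard to follow, since the copy goes from client to server, and `@throws Exception` should either say when it is thrown or be dropped.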
|
|
@@ -278,9 +298,8 @@ public class TestKMS {
|
|
|
if (kerberos) {
|
|
|
conf.set("hadoop.security.authentication", "kerberos");
|
|
|
}
|
|
|
- UserGroupInformation.setConfiguration(conf);
|
|
|
File testDir = getTestDir();
|
|
|
- conf = createBaseKMSConf(testDir);
|
|
|
+ conf = createBaseKMSConf(testDir, conf);
|
|
|
|
|
|
final String keystore;
|
|
|
final String password;
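Review bot: The server configuration built here is no longer independent of the client one: `createBaseKMSConf(testDir, conf)` copies every client property, where the old helper started from `new Configuration(false)`, so an authentication or ACL test can now pass because of a setting the server only inherited from the client. In the later hunks `conf` comes from `new Configuration()`, which presumably also pulls the default resources into what `writeConf` writes for the server. Removing `UserGroupInformation.setConfiguration(conf)` also leaves it to code outside this hunk to put UGI into Kerberos mode; a comment at the call such as `// UGI is configured from this conf when the KMS starts, so the server conf must carry the client settings` would record that dependency, if that is indeed what happens. The same change repeats in every following hunk of this file, and the enclosing method starts and ends outside the hunk.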
|
|
@@ -402,9 +421,8 @@ public class TestKMS {
|
|
|
final String specialKey = "key %^[\n{]}|\"<>\\";
|
|
|
Configuration conf = new Configuration();
|
|
|
conf.set("hadoop.security.authentication", "kerberos");
|
|
|
- UserGroupInformation.setConfiguration(conf);
|
|
|
File confDir = getTestDir();
|
|
|
- conf = createBaseKMSConf(confDir);
|
|
|
+ conf = createBaseKMSConf(confDir, conf);
|
|
|
conf.set(KeyAuthorizationKeyProvider.KEY_ACL + specialKey + ".ALL", "*");
|
|
|
writeConf(confDir, conf);
|
|
|
|
|
@@ -437,9 +455,8 @@ public class TestKMS {
|
|
|
public void testKMSProvider() throws Exception {
|
|
|
Configuration conf = new Configuration();
|
|
|
conf.set("hadoop.security.authentication", "kerberos");
|
|
|
- UserGroupInformation.setConfiguration(conf);
|
|
|
File confDir = getTestDir();
|
|
|
- conf = createBaseKMSConf(confDir);
|
|
|
+ conf = createBaseKMSConf(confDir, conf);
|
|
|
conf.set(KeyAuthorizationKeyProvider.KEY_ACL + "k1.ALL", "*");
|
|
|
conf.set(KeyAuthorizationKeyProvider.KEY_ACL + "k2.MANAGEMENT", "*");
|
|
|
conf.set(KeyAuthorizationKeyProvider.KEY_ACL + "k2.READ", "*");
|
|
@@ -697,9 +714,8 @@ public class TestKMS {
|
|
|
public void testKeyACLs() throws Exception {
|
|
|
Configuration conf = new Configuration();
|
|
|
conf.set("hadoop.security.authentication", "kerberos");
|
|
|
- UserGroupInformation.setConfiguration(conf);
|
|
|
final File testDir = getTestDir();
|
|
|
- conf = createBaseKMSConf(testDir);
|
|
|
+ conf = createBaseKMSConf(testDir, conf);
|
|
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
|
|
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
|
|
keytab.getAbsolutePath());
|
|
@@ -975,9 +991,8 @@ public class TestKMS {
|
|
|
public void doKMSRestart(boolean useKrb) throws Exception {
|
|
|
Configuration conf = new Configuration();
|
|
|
conf.set("hadoop.security.authentication", "kerberos");
|
|
|
- UserGroupInformation.setConfiguration(conf);
|
|
|
final File testDir = getTestDir();
|
|
|
- conf = createBaseKMSConf(testDir);
|
|
|
+ conf = createBaseKMSConf(testDir, conf);
|
|
|
if (useKrb) {
|
|
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
|
|
}
|
|
@@ -1055,9 +1070,8 @@ public class TestKMS {
|
|
|
public void testKMSAuthFailureRetry() throws Exception {
|
|
|
Configuration conf = new Configuration();
|
|
|
conf.set("hadoop.security.authentication", "kerberos");
|
|
|
- UserGroupInformation.setConfiguration(conf);
|
|
|
final File testDir = getTestDir();
|
|
|
- conf = createBaseKMSConf(testDir);
|
|
|
+ conf = createBaseKMSConf(testDir, conf);
|
|
|
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
|
|
keytab.getAbsolutePath());
|
|
|
conf.set("hadoop.kms.authentication.kerberos.principal", "HTTP/localhost");
|
|
@@ -1149,9 +1163,8 @@ public class TestKMS {
|
|
|
public void testACLs() throws Exception {
|
|
|
Configuration conf = new Configuration();
|
|
|
conf.set("hadoop.security.authentication", "kerberos");
|
|
|
- UserGroupInformation.setConfiguration(conf);
|
|
|
final File testDir = getTestDir();
|
|
|
- conf = createBaseKMSConf(testDir);
|
|
|
+ conf = createBaseKMSConf(testDir, conf);
|
|
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
|
|
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
|
|
keytab.getAbsolutePath());
|
|
@@ -1459,9 +1472,8 @@ public class TestKMS {
|
|
|
public void testKMSBlackList() throws Exception {
|
|
|
Configuration conf = new Configuration();
|
|
|
conf.set("hadoop.security.authentication", "kerberos");
|
|
|
- UserGroupInformation.setConfiguration(conf);
|
|
|
File testDir = getTestDir();
|
|
|
- conf = createBaseKMSConf(testDir);
|
|
|
+ conf = createBaseKMSConf(testDir, conf);
|
|
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
|
|
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
|
|
keytab.getAbsolutePath());
|
|
@@ -1548,9 +1560,8 @@ public class TestKMS {
|
|
|
public void testServicePrincipalACLs() throws Exception {
|
|
|
Configuration conf = new Configuration();
|
|
|
conf.set("hadoop.security.authentication", "kerberos");
|
|
|
- UserGroupInformation.setConfiguration(conf);
|
|
|
File testDir = getTestDir();
|
|
|
- conf = createBaseKMSConf(testDir);
|
|
|
+ conf = createBaseKMSConf(testDir, conf);
|
|
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
|
|
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
|
|
keytab.getAbsolutePath());
|
|
@@ -1675,9 +1686,8 @@ public class TestKMS {
|
|
|
public void testDelegationTokenAccess() throws Exception {
|
|
|
Configuration conf = new Configuration();
|
|
|
conf.set("hadoop.security.authentication", "kerberos");
|
|
|
- UserGroupInformation.setConfiguration(conf);
|
|
|
final File testDir = getTestDir();
|
|
|
- conf = createBaseKMSConf(testDir);
|
|
|
+ conf = createBaseKMSConf(testDir, conf);
|
|
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
|
|
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
|
|
keytab.getAbsolutePath());
|
|
@@ -1758,9 +1768,8 @@ public class TestKMS {
|
|
|
|
|
|
private void testDelegationTokensOps(Configuration conf,
|
|
|
final boolean useKrb) throws Exception {
|
|
|
- UserGroupInformation.setConfiguration(conf);
|
|
|
File confDir = getTestDir();
|
|
|
- conf = createBaseKMSConf(confDir);
|
|
|
+ conf = createBaseKMSConf(confDir, conf);
|
|
|
if (useKrb) {
|
|
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
|
|
conf.set("hadoop.kms.authentication.kerberos.keytab",
|
|
@@ -1884,9 +1893,8 @@ public class TestKMS {
|
|
|
@Test
|
|
|
public void testDelegationTokensUpdatedInUGI() throws Exception {
|
|
|
Configuration conf = new Configuration();
|
|
|
- UserGroupInformation.setConfiguration(conf);
|
|
|
File confDir = getTestDir();
|
|
|
- conf = createBaseKMSConf(confDir);
|
|
|
+ conf = createBaseKMSConf(confDir, conf);
|
|
|
conf.set(
|
|
|
"hadoop.kms.authentication.delegation-token.max-lifetime.sec", "5");
|
|
|
conf.set(
|
|
@@ -2023,9 +2031,8 @@ public class TestKMS {
|
|
|
|
|
|
Configuration conf = new Configuration();
|
|
|
conf.set("hadoop.security.authentication", "kerberos");
|
|
|
- UserGroupInformation.setConfiguration(conf);
|
|
|
final File testDir = getTestDir();
|
|
|
- conf = createBaseKMSConf(testDir);
|
|
|
+ conf = createBaseKMSConf(testDir, conf);
|
|
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
|
|
conf.set("hadoop.kms.authentication.kerberos.keytab", keytab.getAbsolutePath());
|
|
|
conf.set("hadoop.kms.authentication.kerberos.principal", "HTTP/localhost");
|
|
@@ -2113,9 +2120,8 @@ public class TestKMS {
|
|
|
public void doProxyUserTest(final boolean kerberos) throws Exception {
|
|
|
Configuration conf = new Configuration();
|
|
|
conf.set("hadoop.security.authentication", "kerberos");
|
|
|
- UserGroupInformation.setConfiguration(conf);
|
|
|
final File testDir = getTestDir();
|
|
|
- conf = createBaseKMSConf(testDir);
|
|
|
+ conf = createBaseKMSConf(testDir, conf);
|
|
|
if (kerberos) {
|
|
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
|
|
}
|
|
@@ -2218,9 +2224,8 @@ public class TestKMS {
|
|
|
public void doWebHDFSProxyUserTest(final boolean kerberos) throws Exception {
|
|
|
Configuration conf = new Configuration();
|
|
|
conf.set("hadoop.security.authentication", "kerberos");
|
|
|
- UserGroupInformation.setConfiguration(conf);
|
|
|
final File testDir = getTestDir();
|
|
|
- conf = createBaseKMSConf(testDir);
|
|
|
+ conf = createBaseKMSConf(testDir, conf);
|
|
|
if (kerberos) {
|
|
|
conf.set("hadoop.kms.authentication.type", "kerberos");
|
|
|
}
|